Security best practices
In today’s world, ensuring the security of your device network is extremely important. While managing digital certificates
and passwords may seem like an excessive burden, the cost of the alternative is so substantial that you must assign resources
and take the time to implement the best practices covered by this topic.
 |
Always upgrade your platform and station to the latest software version. Install all patches and software updates. |
 |
Physical security is crucial. Secure all computer equipment in a locked room. Make sure that each station is only accessible by authorized users. |
 |
Physically protect wiring to prevent an unauthorized person from plugging in to your network. |
 |
Use digital certificates to secure data transmission over wires or wireless connections. If you must connect a host station directly to the public Internet, make sure you are using CA-signed certificates. |
 |
If your company is acting as its own CA (Certificate Authority), your root CA certificate must be separately installed in each station’s User Trust Store and each browser. |
 |
Physically protect the medium (usually a USB thumb drive) you use to back up and transport exported certificates. |
 |
Install browsers using only a trusted installation program. The program you use installs third-party certificates from CAs, such as VeriSign and Thawte. These must be trustworthy certificates. |
 |
For high-traffic stations (especially stations that provide public access to a controller network), secure niagarad with a separate certificate from that used for your FoxService and WebService. |
 |
Back up each station regularly. Embedded systems, such as JACE controllers write audit information to a rolling buffer. To avoid losing a station’s audit trail, regularly export audit histories to a Supervisor station. |